Linked Questions

I read this interesting question on why improvising your own Hash function out of existing hash functions is bad. However this is specifically focusing on 'mixing' existing hashfunctions. What if for ...

Is there a good/better/best way to generate a one time pad? I would like to only utilize about 40 characters (a-z, 0-9, .,!-). What I have come up with is perhaps not the BEST way, but seems to fill ...

I'm developing a cryptographic toolkit and plan to employ custom algorithms for hashing, password stretching, etc. Is there a way I can get them analysed? Yes, I can post it on my website and on sites ...

I get that people don't want to encourage other people to implement their own algorithms/implementations of algorithms due to safety issues. But on the other hand, questions about creating your own ...

I have been working on a certificate system for use (as a means of authentication) with my accounts system APIs. I am still thinking out the details, I have only watched a few videos on asymmetric ...

Cryptology is such a broad subject that even experienced coders will almost always make mistakes the first few times around. However encryption is such an important topic, often we can't afford to ...

We talked about password hashing and salting in class today. Our professor had a very different understanding of the use case of salts from mine and said that you might not store the salt at all and ...

I'm afraid I'll have tomatoes thrown at me for asking this old question, but here goes. After reading that cooking up your own password hash out of existing hashing functions is dangerous over and ...

In using Argon2 for hashing passwords in my application, I've noticed it generates a string like this (e.g. for password "rabbit"): $argon2i$v=19$m=65536,t=3,p=1$YOtX2//7NoD/owm8RZ8llw==$...

Say my password is abc. I want to send it to the server over HTTP. I could send it in plaintext and let the server hash it and compare it to the entries in its database, but then anyone that can see ...

I'm implementing a salt function for user passwords on my web page, and I'm wondering about some things. A salt is an extension added to a password and then hashed, meaning the password is stored in ...

I know that one shouldn't rely on "obscurity" for their security. For example, choosing a non-standard port is not really security, but it also doesn't usually hurt to do so (and may help mitigate ...

It seems to me that a hardware component which generates random numbers is extremely simple - just measure tiny vibrations in the hardware with a sensor, right? Maybe I'm wrong but it seems like if ...

I'm working on a cryptosystem that uses colour pictures as keys for encryption. I'm trying to guess what is the key size of my cryptosystem in order to find the feasibility of a brute force attack. My ...

There has been quite a bit of concern noted relating to the recent discovery that Lenovo are pre-installing a piece of Adware (Superfish) which has the capability of intercepting SSL traffic from ...